| CEF Key | Description | Value |
|---|---|---|
| Header (logVer) | CEF format version | CEF:0 |
| Header (vendor) | Appliance vendor | Trend Micro |
| Header (pname) | Appliance product | Apex Central |
| Header (pver) | Appliance version | 2019 |
| Header (eventid) | Event ID | 700211 |
| Header (eventName) | Log name | Managed Product Logon/Logoff Events |
| Header (severity) | Severity | 3 |
| deviceExternalId | ID | Example: 38 |
| deviceFacility | Product name | Example: ScanMail for Microsoft Exchange |
| cs1Label | Corresponding label for the cs1 field | Product_Version |
| cs1 | Product version | Example: 14 |
| cn1Label | Corresponding label for the cn1 field | Command_Status |
| cn1 | Command status | Example: 110 |
| msg | Detailed event information | Example: Sample Message |
| shost | Product server name | Example: SMEX01 |

Log sample:

CEF:0|Trend Micro|Apex Central|2019|700211|Managed Product Logon/Logoff Events|3|deviceExternalId=11 shost=SMEX01 deviceFacility=ScanMail for Microsoft Exchange cs1Label=Product_Version cs1=14 cn1Label=Command_Status cn1=110 msg=A user with the Administrator role(s) has logged on. Detail Information:UserName:TEST2013\\administrator,IP address:10.204.166.127,EventType:Log in/out,SourceType:SMEX UI. #015
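
A parser for this record, as an added example (not Trend Micro code): it splits the header and extension fields listed in the table, maps cs1/cn1 to their labels, and breaks msg into the account, source address and event type a SIEM rule would match on. The function names are hypothetical, and the layout of the "Detail Information" part of msg is an assumption inferred from the single log sample above.

```python
import re

HEADER_KEYS = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")

# The log sample from this page with line-wrap spaces removed.
SAMPLE = (
    r"CEF:0|Trend Micro|Apex Central|2019|700211|Managed Product Logon/Logoff Events|3|"
    r"deviceExternalId=11 shost=SMEX01 deviceFacility=ScanMail for Microsoft Exchange "
    r"cs1Label=Product_Version cs1=14 cn1Label=Command_Status cn1=110 "
    r"msg=A user with the Administrator role(s) has logged on. Detail Information:"
    r"UserName:TEST2013\\administrator,IP address:10.204.166.127,"
    r"EventType:Log in/out,SourceType:SMEX UI. #015"
)


def parse_cef(line):
    """Split one CEF record into header fields plus extension key/value pairs."""
    # "#015" is a syslog-escaped carriage return left at the end of the record.
    line = re.sub(r"\s*#015$", "", line.strip())
    # Seven header fields, separated by pipes that are not backslash-escaped.
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    event = dict(zip(HEADER_KEYS, parts[:7]))
    ext = parts[7]
    # Values may contain spaces, so a value runs until the next " key=" token.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for cur, nxt in zip(keys, keys[1:] + [None]):
        value = ext[cur.end():nxt.start() if nxt else len(ext)]
        event[cur.group(1)] = re.sub(r"\\([\\=])", r"\1", value)  # undo \\ and \=
    # Expose custom fields under their labels (cs1 -> Product_Version, ...).
    for label in [k for k in event if k.endswith("Label")]:
        if label[:-5] in event:
            event[event[label]] = event[label[:-5]]
    return event


def parse_detail(msg):
    """Split msg into its summary and the "Detail Information" sub-fields.

    Assumption: the comma/colon layout is inferred from the single sample above.
    """
    summary, _, detail = msg.partition("Detail Information:")
    pairs = (p.split(":", 1) for p in detail.rstrip(". ").split(",") if ":" in p)
    return summary.strip(), {k.strip(): v.strip() for k, v in pairs}


if __name__ == "__main__":
    event = parse_cef(SAMPLE)
    summary, detail = parse_detail(event["msg"])
    print(event["eventid"], event["shost"], event["Product_Version"], summary)
    print(detail)
```

An unescaped `key=` sequence inside msg would be read as a new extension field, so records that fail to yield the expected keys are worth routing to a review queue rather than dropping.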